Principi e strumenti del whistleblowing: il caso GlobaLeaks

11 March 2015, Centro Nexa, Torino 73° Mercoledì di Nexa - Hermes Center for Transparency and Digital Human Rights ://globaleaks.org - http://logioshermes.org

Hermes Center for Transparency and Digital Human Rights

https://globaleaks.org

Who’s using Whistleblowing and how Whistleblowing

Whistleblowing + Technology = Citizens Power Digital Whistleblowing Paradigm change

When “online” psychological barrier reduce Digital Security and Privacy Challenges for Whistleblowing Digital Whistleblowing works only with strong privacy But online reporting actions could leave online Especially due to corporate & government surveillance INTERCEPTION TRACING • Email • Email • Web Browsing • Web Browsing • Phone Calls • Location tracking • Location tracking • Proxy Logs • Metadata

Unknown or Inappropriate Data Retention Policies Surveillance kills trust Distrust kills whistleblowing Restore trust and confidence by the Digital Security Digital Anonymity Data Encryption Anonimity vs. Confidentiality

• Anonimity and Confidentiality – Confidentiality: I know who you are, but i am not going to tell to anyone – Anonymity: I don’t know who you are and i’ve no way to find it out

• Analog vs. Digital Anonimity – Analog: I don’t tell you who i am – Digital: I don’t tell you who i am and where is my computer (IP address)

• Anonimity Technology: – Used everyday by +500.000 persons – +5000 volounteers – Co-financed by US Government

• Improving ’s trust by giving real, verifiable security guarantees • The choice of privacy level have to stay in the Whistleblower’s hands GlobaLeaks Security

• Digital Anonymity – Submission via Tor or /HTTPS

• Data Encryption – Files encrypted with PGP

• Data Retention – Submissions are deleted every 2 weeks, keep server clean

• Secure system – 4 professional security review (isecpartners, cure53, leastauthority, Veracode)

• Whistleblower Awareness – PrivacyBadge – Forced disclaimers – Awareness messages

Digital Whistleblowing Tactics for Social Change

Who’s using Digital Whistleblowing and how? Whistleblowing 2.0

•Technology enabled new way to make “Whistleblowing”

of Civil society Activists (WikiLeaks, WildLeaks, Pistaljka, FiltraLa, BalkanLeaks, etc)

•Media (Forbes, , Washington Post, Aljazeera TU, WSJ SafeHouse, etc)

•Investigative Journalism Groups (MagyarLeaks, IRPILeaks, ExpoLeaks, etc)

•Website taking action on petty corruption such as iPaidaBribe (India,Nepal,Pakistan,Gujana,Hungary)

•Website of national anticorruption authorities & TI’s ALAC (Austria, Kenia, TI-it, etc)

•Web portal for whistleblowing procedures of corporations and public agencies •To get more in depth : http://leakdirectory.org

Investigative Journalist Digital Dropbox • Investigative Journalist Groups acting on Topics of Public Interests • Journalistic investigation and fact-checking done in-house • Publishing of scoops and articles

https://irpi.eu/irpileaks/ http://atlatszo.hu/magyarleaks http://www.perun.rs / Coordinate release/ across multiple media

Select Category Fact Checking Media Publishing Send Tip Investigative Journalism Pistaljka: Anti Corruption Activism

http://pistaljka.rs Initiative supported by: /

Structured workflow of operation for Serbian wholesale anticorruption initiative

Authorities Send Tip Issue FOIA Serbian Gov Media LJOST: Government Transparency Activism Iceland Government Transparency Activism http://www.ljost.is

Recent Achievements: • 30 December 2013: Release of Iceland Banking Collapse raw data • 31 December 2013: Ministry of Finance found to be key stakeholder in saved banks

May lead Crowdsourcing Validation Raw Data to Send Tip Publishing Publishing of Factchecking Multi Stakeholders Digital Whistleblowing

PubLeaks Foundation • Consortium by all media partners 42 media partners • Manage the IT infrastructure • National Media • Can’t access to Leaks • Printed Journal • Provide technical support • Online Media • Provide “Secure” Laptop • TV • Local Media

Achieved amazing result in few months • Abuse of power by politicians • Abuse of public funds https://publeaks.nl • Already got attempt of Takedown https://secure.publeaks.nl Exclusivity

IF only 1 media Publishing on media Select Media Fact Platform Checking (web, Send Tip printed, Max 3 in parallel out of 42 tv) IF multiple media receive the leaks

• Embargo Period • Cooperation Rules

MUST write that source come from publeaks Key Points: • Stimulate cooperation • Stimulate competition • Whistleblower select receipient based on the media’s reputation

MafiaLeaks: Activism against Organized Crime http://www.mafialeaks.or g

Mafia Whistleblowers Authorities

Victim of Mafia MAFIA Antimafia Journos LEAKS “I know something” AntiaMafia NGO WildLeaks: WildLife Crime Activism

Multi Stakeholder Initiative by:

Elephant Action League (US) Environmental Investigation Agency (UK) Oxpeckers Center (South Africa) EcoJust (NL) Global Eye (Africa and Southeast Asia) https://wildleaks.org/

Multi Stakeholder organization taking action in collaborative way on Wild Life Crime

Authorities Send Tip Collaborative Other NGOs Investigation Action Local Communities

Media InfoDio: Anti Corruption Blogging

http://infodio.com Venezuela bi-linguistic / Censored in Venezuela by Movistar on 17/01/2014

Exposing Corruption in Venezuela trough Investigative Journalism & Blogging based on Leaks

Send Tip Investigation Direct Publishing on Infodio Blog Publishing Salzburg PiratenPartei: Political Activism

Report by citizens on malpractices/doubt act by Salzburg Municipality & Controlled companies

- Political Campaigning Send Tip Verification Take - Municipality Questioning action - Policy Advocacy for corrective actions

http://salzburger- piratenpartei.at/?p=1168 ALAC: Transparency International Italy

https://www.transparency.it/alac ● Started in Nov 2014 ● 40 good tip Feb 2015 ● Strict questionaries focusing on information quality ● Try to address Whistleblower inquiry trough the right channel ● Roadmap for improvement Experimental / Practical handling of anticorruption Tip, considering whistleblower safety Anticorruption Officer Deal with Send Tip ANAC Whistleblower Action Authorities

Media https://www.expoleaks.it by IRPI - Investigative Reporting Project Italy & Wired Italy MANY OTHERS

What are your Whistleblowing social schema and ideas?

OK: What’s about Italy?

➔Cosa succede in italia? WB: Reputazione e Terminologia

http://blog.terminologiaetc.it/2013/06/12/significato-traduzione-whistleblower/ Whistleblowing & Law

• Whistleblowing = Anticorruzione 190/2012

• Criticità: – Disincentivo a segnalare (se a conoscenza) – Disincentivo a parlare (se coinvolti) – Disincentiva i responsabili anticorruzione Whistleblowing & ANAC

• Ricevono segnalazioni tramite [email protected] – Imbarazzante.... • Nuove procedure improntate sulla compliance normativa, non sull’efficacia...!

Dice il saggio: "per il momento l'autorità italiana anticorruzione non sembra tenere in considerazione il whistleblowing come strumento di contrasto alla corruzione" Whistleblowing & Tecnologia • Molte Pubbliche Amministrazioni stanno implementando soluzioni tecnologiche “in-house” (spesso molto, molto, discutibili)

• Improvvisati esperti di sicurezza soddisfano esigenze di “compliance”

• Manca governance delle tecnologie anticorruzione Principi e strumenti del whistleblowing: il caso GlobaLeaks

11 March 2015, Centro Nexa, Torino 73° Mercoledì di Nexa - Hermes Center for Transparency and Digital Human Rights https://globaleaks.org - http://logioshermes.org

FINE :-) Le slide che seguono sono eventualmente utili x la discussione How to setup a Whistleblowing initiative?

➔Practical brainstorming ➔Let’s plan your whistleblowing initiative! What do you want to achieve?

Define your whistleblowing project goals (aligned with your social goals) The “leaks”

• Which information are you looking for?

• How do you qualify the information received?

• What do you realistically expect to receive? The “Whistleblowers”

• Who are the sources/whistleblowers that are likely to send you information?

• Which are the motivations driving a source/whistleblower to send you an information?

• Which languages are spoken by Whistleblowers?

What do you do with the leaks?

• What are you going to do with information received?

• How you are going to verify/fact-check them?

• Who are the persons involved in handling the leaks?

• Did you clearly, publicly documented your data management & editorial policy? Assess your organizational capacity

• How do you organize yourself?

• Do you have all the relevant skills and effort available to run the project?

Legal Framework

• Did you assess your legal risks in soliciting whistleblowers and taking actions on received information?

• Which are legal liabilities of different stakeholders (Whistleblowers, Receivers, Maintainer)?

• Are you operating as informal individual group or as a legal entity? Who’s liable for that? Communication & Campaigning

• Leaks are not coming alone, you need to solicit them!

• What’s your media strategy?

• How you are going to campaign for that?

• How you will manage critics coming to you?

• Do you have partners to work with?

• Are you going to “surf the news” with targeted-campaign? Operational Security • Who is interested in acquiring the “leaks”? Which are their capabilities?

• How do you protect the information you receive?

• How do you protect the communication among the people taking actions on the leaks? Whistleblower Security • Do you understand the risks that the Whistleblower is facing?

• Did you clearly communicate the “social” and “technological” risks to the Whistleblower?

• What level of protection are you providing to the Whistleblower (See next slide)? Anonimity vs. Confidentiality

• Anonimity and Confidentiality – Confidentiality: I know who you are, but i am not going to tell to anyone – Anonymity: I don’t know who you are and i’ve no way to find it out

• Analog vs. Digital Anonimity – Analog: I don’t tell you who i am – Digital: I don’t tell you who i am and where is my computer (IP address)

• Anonimity Technology: Tor – Used everyday by +500.000 persons – +5000 volounteers – Co-financed by US Government

• Improving Whistleblower’s trust by giving real, verifiable security guarantees

• The choice of privacy level have to stay in the Whistleblower’s hands Workshop

Let’s do together a Whistleblowing Initiative!

IDEAS? :-) Principi e strumenti del whistleblowing: il caso GlobaLeaks

11 March 2015, Centro Nexa, Torino 73° Mercoledì di Nexa - Hermes Center for Transparency and Digital Human Rights https://globaleaks.org - http://logioshermes.org